Security Policy Control

The Security Policy Control action enables or disables a policy defined within the current node.


You must have previously defined policies in order to use this action.
Suppose your organization has enabled a set of policies that control the way resources are used. For example, there might be a policy named FloorDevices101 that allows certain users read access to all device variables on the node. Using the Workbench, you can create security policies from the Administration's Security tab.

Once the policy is created, you can assign a user access to that policy.

The AAATech role has access to resources for FloorDevices101.

Parameter description


Parameter: Description

Operation: Options are Enable Policy or Disable Policy.
  • Enable Policy — Activates the selected policy when the trigger executes. It is assumed that the state of the policy is set to Disable on the Administration's Security tab.
    If you set Operation to Enable Policy and the state of the policy is set to Enabled on the Security tab, the trigger will fail.
  • Disable Policy — Disables the selected policy when the trigger executes. It is assumed that the state of the policy was set to Enable on the Administration's Security tab.
    If you set Operation to Disable Policy and the state of the policy is set to Disabled on the Security tab, the trigger will fail.

Policy Name: Use the Policy down-arrow to display a list of policies available for the current node.

For this example, FloorDevices101 and FloorDevices102 were defined on the Administration's Security tab and became available for the Security Policy Control action. Because Enable Policy is selected, the selected policy is enabled when the trigger executes and the security action is performed.


Example trigger - Security Policy Control

This example describes a trigger that enables read/write access between two devices. Two policies have been defined that control different devices on the floor. These policies are named FloorDevices101 and FloorDevices102.


The trigger is configured to execute whenever the value of a device variable defined on a third device changes. The value of this variable determines which of the two policies is enabled and which is disabled. For the example, an If action is added to the trigger that branches to enable either the FloorDevices101 policy or the FloorDevices102 policy. The following shows the Routing tab for the If action.


In addition to enabling one policy, the trigger also disables the other policy. The following shows the Routing tab associated with Action 2: Security Policy Control: Enable Policy FloorDevices101.


Notice that if the enablement of the FloorDevices101 policy is successful, the next action performed will disable the FloorDevices102 policy. The following shows the full list of actions associated with this example trigger.
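The state rules above, worked through as an added Python model (written for illustration; it is not product code and not the action list the preceding sentence refers to). The Node class, run_trigger, the selector value that picks a policy, and the rule that a failed action stops the trigger are assumptions; the policy names and the fail-when-already-in-that-state rule come from this page.

```python
# Added model of the state rules on this page; not the product's API.
class PolicyStateError(Exception):
    """The action asked for the state the policy is already in."""


class Node:
    def __init__(self, states):
        # policy name -> True (enabled) / False (disabled) on the Security tab
        self.states = dict(states)

    def security_policy_control(self, operation, policy):
        target = {"Enable Policy": True, "Disable Policy": False}[operation]
        if self.states[policy] == target:
            # Page rule: enabling an enabled policy (or disabling a disabled
            # one) makes the trigger fail.
            raise PolicyStateError(f"{operation} {policy}: already in that state")
        self.states[policy] = target


def run_trigger(node, selector):
    """If action, then Enable one policy and Disable the other.

    Assumptions: selector == 1 picks FloorDevices101, anything else picks
    FloorDevices102; a failed action stops the trigger.
    """
    if selector == 1:
        enable, disable = "FloorDevices101", "FloorDevices102"
    else:
        enable, disable = "FloorDevices102", "FloorDevices101"
    completed = []
    for step in (("Enable Policy", enable), ("Disable Policy", disable)):
        try:
            node.security_policy_control(*step)
        except PolicyStateError:
            return {"ok": False, "completed": completed, "failed": step,
                    "states": dict(node.states)}
        completed.append(step)
    return {"ok": True, "completed": completed, "failed": None,
            "states": dict(node.states)}


def enabled_policies(result):
    """Names of policies left enabled after a run (what access remains)."""
    return sorted(name for name, on in result["states"].items() if on)


if __name__ == "__main__":
    # Constructed starting states, not taken from the product.
    both_on = Node({"FloorDevices101": True, "FloorDevices102": True})
    print(run_trigger(both_on, 2))  # first action fails, both stay enabled
```

In this model, a run that starts with both policies enabled fails on its first action and leaves both enabled, so confirm the starting states on the Security tab match what each action assumes.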